Security flaw in Android, iOS, and Mac

Staff MemberRescue Squad

In all the exciting talk about android gaming systems, new phones, smart watches and pocket watches, I have to be a buzz kill and bring down the mood a little. There was a flaw back in the 90s that currently affect Mac, Android, and iOS (I would guess Linux machines since both iOS and Android were not built in the 90s) that forces websites to use a lower grade encryption for HTTPS connections. This exploit could allow hackers to steal personal information and data. Among some of the sites listed are American Express, Bloomberg, Business Insider, Marriott, and Groupon. Apple said they should have a fix out some time this week. Unfortunately Google can not push the fix to all Android devices as they have to deal with manufacturers and carriers.

Staff Member

A white hat hacker will hack to find flaws. A black hat hacker usually wants something out of it or is doing something malicious. The lines are crossed often and some remain in the gray area. Hackings is generally good. Because the networks and software we make and maintain are designed by humans, there will always be flaws. Someone needs to find them.

Staff MemberRescue Squad

A white hat hacker will hack to find flaws. A black hat hacker usually wants something out of it or is doing something malicious. The lines are crossed often and some remain in the gray area. Hackings is generally good. Because the networks and software we make and maintain are designed by humans, there will always be flaws. Someone needs to find them.

Click to expand...

What about the (rumored) flaws that are intentionally put in place for the government?

Staff Member

This exploit was shared privately to all the big software and hosting providers with a time limit to fix before they released the actual hack publicly. Patches are already in the works.

Click to expand...

That is how all exploits should be handled. It is a moral and integrity issue. Exploits should be brought up to the developer/manufacturer/etc. Give them time to make patches and push them. Then announce the exploit. Sadly, this is not always how it works out.